File States: The Good, The Bad, The Unknown

In a perfect world, there would only be two kinds of files or processes: known good or known bad. Of
course, we don’t live in such a world, and there is a vast expanse between the known good and the known bad. This
expanse is the unknown, and it is where most of the problems in security stem from.

The known good are files that have been identified as benign and should run unencumbered. Bad files can
cause damage to a system and should be stopped. Unknown files have not been seen in your environment before – they could be
benign, but they may also be malicious.

The Good Files: Certificates and Creating a Good File List

Comodo is the largest brand of certification authorities in the world. Certification authorities
issue digital certificates. These digital certificates are used for many purposes, including
encrypting sensitive information (what we call SSL) and digitally signing applications so that the operating system
will trust the signed application when executing it. As the largest single provider and exclusive provider
to major technology leaders, Comodo has unparalleled visibility into all the legitimate publishers in
the world who are building and releasing applications. We feed this expertise and knowledge into our
containment solution as a list of good files.

The Bad Files: Comodo Antivirus Lab and Creating a Bad File List

Comodo’s AV Lab knows the bad files and hence can create a bad file list. Comodo has one of the largest
anti-virus labs in the world, spanning the USA, Romania, Ukraine, Turkey, India and China. We draw
on expertise from all around the world to help identify malware. Our malware research labs are not only staffed by
the best malware analysts in the world, but also equipped with cutting-edge technology to help identify the latest
malware using automated systems such as dynamic analysis, static analysis, behavioural analysis, reputation analysis
and many more techniques. Comodo also makes its automated systems available for
free at camas.comodo.com so that we can all join together in the fight against malware. CAMAS is a cloud-based
malware analysis sandbox that can give a verdict on whether a file is malicious, and it is free for anyone to use.

Arriving at a Verdict

Reaching a verdict on whether something unknown is good or bad takes time: its characteristics and behavior
must be analyzed and classified before a final conclusion is reached. The amount of time it takes to reach a
verdict represents a ‘window of exposure’, during which there is risk in executing or opening a file and an
infection or ‘patient zero’ condition can occur. This is what occurs with conventional solutions that must analyze a
‘zero day’ attack to understand its behavior or arrive at a signature for inclusion in a blacklist.

Assumption-based vs Definitive Verdicting

Existing solutions typically evaluate a file or application to decide whether or not it is bad, and otherwise
assume that the file is good. For example, conventional AV technology uses signatures to identify known bad files, but assumes
that the remaining files are good. Similarly, “next gen” endpoint protection technologies look at behaviors and use artificial
intelligence and machine learning techniques to identify applications as potentially bad, but assume the remaining files are
not bad. Comodo uses a different approach to arrive at definitive verdicts of good and bad, and avoids the assumption-based
approach found in conventional solutions.
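
The contrast between the two approaches over a ‘window of exposure’, as an added example that is not part of the original page and is not Comodo's code. The file names, contents, times and the `VerdictStore` class are assumptions constructed for illustration.

```python
import hashlib

GOOD, BAD, UNKNOWN = "good", "bad", "unknown"

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class VerdictStore:
    """Good list, bad list, and analyses still in progress (all constructed)."""
    def __init__(self, good, bad, pending):
        self.good, self.bad = set(good), set(bad)
        self.pending = dict(pending)  # hash -> (time analysis completes, final verdict)

    def lookup(self, h, now):
        # Promote a file out of "unknown" once its analysis has finished.
        if h in self.pending and now >= self.pending[h][0]:
            _, final = self.pending.pop(h)
            (self.good if final == GOOD else self.bad).add(h)
        if h in self.bad:
            return BAD
        return GOOD if h in self.good else UNKNOWN

def assumption_based(verdict):
    # Blacklist model: anything not known bad is assumed good and runs freely.
    return "block" if verdict == BAD else "run"

def three_state(verdict):
    # Unknown is its own state: it runs only inside containment until a verdict arrives.
    return {GOOD: "run", BAD: "block", UNKNOWN: "contain"}[verdict]

# Constructed sample data: (time, file name, file bytes).
SIGNED_TOOL, OLD_MALWARE, NEW_DROPPER = b"signed-tool", b"old-malware", b"new-dropper"
EVENTS = [(0, "signed_tool", SIGNED_TOOL), (1, "new_dropper", NEW_DROPPER),
          (2, "old_malware", OLD_MALWARE), (3, "new_dropper", NEW_DROPPER),
          (6, "new_dropper", NEW_DROPPER)]

def replay(policy):
    store = VerdictStore(good=[digest(SIGNED_TOOL)], bad=[digest(OLD_MALWARE)],
                         pending={digest(NEW_DROPPER): (5, BAD)})  # verdict lands at t=5
    return [(t, name, policy(store.lookup(digest(data), t))) for t, name, data in EVENTS]

def exposed_runs(actions):
    # Uncontained executions of the file that analysis later finds to be bad.
    return sum(1 for _, name, act in actions if name == "new_dropper" and act == "run")

if __name__ == "__main__":
    for policy in (assumption_based, three_state):
        actions = replay(policy)
        print(policy.__name__, actions, "exposed runs:", exposed_runs(actions))
```

Both policies block the file once the verdict exists at t=5; they differ only in what happens to it while it is still unknown.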

Comodo AEP and Definitive Verdicts

Comodo Advanced Endpoint Protection leverages definitive verdicts to ensure that no
unknown files are able to inflict damage on unsuspecting users, without impeding their productivity. The
result is guaranteed protection without loss of time, money or user productivity.